Seeking cyber safety: How companies are keeping hackers at bay

If it sometimes seems that the next big hack has either just happened or is about to, that’s because it’s generally the case. Indeed, cybersecurity ranks among four global risk factors highlighted by the World Economic Forum for 2018. In the United States, spending on cybersecurity by companies has more than doubled over the past eight years, to $66 billion. In 2017, the average cost of a breach in North America was $1.3 million for large enterprises and $117,000 for smaller operations, according to a report from Kaspersky Lab.

Here’s a sampling of the ways in which we’re seeing businesses and government entities around the country tackle this growing problem:

Large companies, particularly in the financial sector, are able to throw many resources into finding a solution:

The St. Louis region is home to Mastercard’s operations center, as well as omnipresent financial services firms including Edward Jones and Wells Fargo Advisors. Among that cadre is SixThirty, a global financial technology venture fund and business development program that recognized that the overlap between cybersecurity and financial technology presented an opportunity to create a business development program focused exclusively on cybersecurity startups.

Pervasive digitization has created myriad cybersecurity risks for finance teams everywhere, as Canada’s MacEwan University, in Edmonton, Alberta, recently discovered. But the digital age is also changing the three traditional roles involved in financial governance: chief financial officer (or vice-president finance), audit committee and audit partner.

Healthcare is another industry keenly cognizant of the challenges it faces:

“Ten years ago, hospitals were probably the least aware of the risks in terms of IT of any organization out there. Now they’re some of the most [aware], maybe up there with the financial sector,” says Jarman Joerres, cybersecurity specialist and principal at Boston area–based MedAcuity Software.

It’s particularly important that the healthcare sector keep its patients’ records and other sensitive information unassailable; a patient’s medical history, captured in an electronic health record, could give a hacker access to credit-card information, which would be similar to a breach at a retailer. But electronic health records also could provide a buyer on the dark web with insurance information for fraudulent billing. That’s why electronic medical records bring top dollar on the black market. And it’s why health providers must be on alert.

Cybercrime has also caused major problems in the public sector, which has resulted in some unique deterrents from those in the field:

The nationally recognized Utah Model for local police response to cybercrime was created out of necessity. After high-profile attacks in 2009 and 2012, Public Safety Commissioner Keith Squires determined his agency needed to enhance its cybercrime capabilities. The Utah Department of Public Safety began working with the FBI in its pilot Operation Wellspring program, which grants state and local authorities access to internet crimes data. Within a few years, the Utah Model was born.

It’s not just larger entities that have a pressing need for protection from hacking. A forest of startups has sprung up to help small and mid-sized companies — which don’t always have a dedicated IT person on staff, much less one who specializes in cybersecurity — shield themselves from cyberattacks.

Service providers such as Houston-based Alert Logic and Jungle Disk in San Antonio are new companies joining the fray to help these more vulnerable companies with their security needs.

“My biggest concern is the lack of awareness and [the] complacency we see among some small and medium-sized businesses,” says Neill Feather, president of Scottsdale-based SiteLock, which provides website security solutions for companies.

A few years ago, a Las Vegas couple who had worked in cyber investigations for the U.S. State Department and the United Nations decided to harness their years of experience and launch Axiom Cyber Solutions, serving small to mid-sized companies.

The rapid growth in the number of cybercrimes in recent years seems at times daunting to keep up with. For all the startups coming into the field — such as this one that helps stop digital ad fraud — there are still not enough experts to combat the problem. Although nearly 750,000 people are employed in cybersecurity positions in the United States, 286,000 openings currently exist, according to CyberSeek, a project supported by the National Initiative for Cybersecurity Education:

A cybersecurity expert at the University of Washington estimates that there are two open jobs in the state for every person already employed in the field of data protection, a situation that is mirrored nationally.

That chronic shortage of qualified cybersecurity workers is similar in Colorado. Cybersecurity companies are popping up across the state, but in 2017, there were 18,308 employed workers in the state’s cybersecurity industry and 9,478 job openings, according to CyberSeek, a workforce and career resource jointly developed by CompTIA and Burning Glass Technologies.

As businesses move away from local systems and into the cloud, the shortage of cybersecurity talent could complicate that effort and is prompting cybersecurity companies to redouble their efforts to identify, recruit and retain qualified employees.

Hiring an outside firm to help keep hackers at bay is important, but businesses can do quite a bit internally, according to cybersecurity experts. “Employees can be a significant line of defense,” says one.

February 27, 2018 - 10:03pm
